PT-2015-1872 · Apple +2 · WebKit +4

Antonio Sanso +1 · Published 2015-08-16 · Updated 2024-06-15 · CVE-2015-3752

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apple Safari versions before 6.2.8
Apple Safari versions 7.x before 7.1.8
Apple Safari versions 8.x before 8.0.8
iOS versions before 8.4.1

Description

The issue is related to the Content Security Policy implementation in WebKit, which does not properly restrict cookie transmission for report requests. This can allow a remote attacker to obtain sensitive information via vectors involving a cross-origin request or a private-browsing request.

Recommendations

For Apple Safari versions before 6.2.8, update to version 6.2.8 or later.
For Apple Safari versions 7.x before 7.1.8, update to version 7.1.8 or later.
For Apple Safari versions 8.x before 8.0.8, update to version 8.0.8 or later.
For iOS versions before 8.4.1, update to version 8.4.1 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

ALT-PU-2016-1245
ALT-PU-2016-1315
BDU:2015-11218
CVE-2015-3752
MGASA-2016-0116
MGASA-2016-0120
OPENSUSE-SU-2024:10461-1
USN-2937-1

Affected products

Alt Linux
Safari
Ubuntu
WebKit
iOS